One Guys Technical Trials and Woes

iptables and Passv FTP

Having trouble getting FTP to work on a server with iptables? Is your server stalling out when it tries to enter passive (PASV) FTP mode? Here is the quick fix for that. It's one of those little things that's nice to keep documented.

The reason for the failure is that when FTP enters passive mode, it switches from port 21 to a random port for data. With iptables, the problem is that you don't know in advance which port it opens. All you have to do is enable a kernel module for this, and iptables will automatically allow the passive port to be passed through. (HARAH!)

So go ahead and get a root console, and enter the following commands:

echo nf_conntrack_ftp >> /etc/modules
modprobe nf_conntrack_ftp

And that's it, you're done. The first command adds the kernel module nf_conntrack_ftp to /etc/modules so it is loaded on every boot, and the second command loads the module now so you don't have to reboot the host machine. Got to love it when fixes are this easy.
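A quick way to confirm the fix took effect, as an added example that is not part of the original post: it checks that the module is loaded, that it is listed in /etc/modules, and that the INPUT chain accepts RELATED connections, which is the state connection tracking gives the passive data connection. The function names, the `--live` switch and the assumption that your FTP rules sit in the INPUT chain are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): audit the passive-FTP fix.
# Every check reads a file, so it works on saved copies as well as live data.
HELPER=nf_conntrack_ftp

# $1: file in /proc/modules format. True if the helper is loaded right now.
module_loaded() {
    grep -q "^${HELPER} " "$1"
}

# $1: file in /etc/modules format. True if the helper is loaded at boot.
# Commented-out entries and longer module names do not count.
module_persisted() {
    grep -Eq "^[[:space:]]*${HELPER}([[:space:]]|\$)" "$1"
}

# $1: iptables-save dump. True if an INPUT rule accepts RELATED traffic.
# Without such a rule the helper tracks the data port but nothing lets it in.
related_accepted() {
    grep -E '^-A INPUT .*--(ct)?state [A-Z,]*RELATED' "$1" | grep -q -- '-j ACCEPT'
}

# Print one ok/FAIL line for a named check; $1 is the label, the rest the check.
report() {
    label=$1; shift
    if "$@"; then echo "ok:   $label"; else echo "FAIL: $label"; return 1; fi
}

# $1 loaded-module list, $2 boot module list, $3 iptables-save dump.
audit() {
    rc=0
    report "$HELPER loaded now"     module_loaded    "$1" || rc=1
    report "$HELPER loaded at boot" module_persisted "$2" || rc=1
    report "INPUT accepts RELATED"  related_accepted "$3" || rc=1
    return $rc
}

# Run as root with --live to audit the running host.
if [ "${1:-}" = "--live" ]; then
    dump=$(mktemp) && iptables-save > "$dump"
    audit /proc/modules /etc/modules "$dump"; rc=$?
    rm -f "$dump"
    exit $rc
fi
```

On kernels where automatic helper assignment is off (the default since Linux 4.7), loading the module alone is not enough, and the helper has to be attached to port 21 with an explicit CT rule.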